[Heimdal-source-changes] [heimdal/heimdal] 410d96: kadmin: do not assign passwords at realm initializ...

GitHub noreply at github.com
Thu Dec 27 07:11:29 CET 2018


  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: 410d96f480ed2f0d5896e442f63b208445a18ec0
      https://github.com/heimdal/heimdal/commit/410d96f480ed2f0d5896e442f63b208445a18ec0
  Author: Luke Howard <lukeh at padl.com>
  Date:   2018-12-27 (Thu, 27 Dec 2018)

  Changed paths:
    M kadmin/init.c
    M lib/kadm5/libkadm5srv-exports.def
    M lib/kadm5/version-script.map

  Log Message:
  -----------
  kadmin: do not assign passwords at realm initialization

Since c6bf100b password quality checks have been moved out of kadmind and into
libkadm5. This means that all password changes are subject to quality checks,
if enforce_on_admin_set is true (the default). In rare instances it could be
possible for realm initialization to fail because the randomly generated
passwords do not pass the password quality test. Fix this by creating
principals with no password or key, rather than with a random password.

Random *keys* continue to be set immediately after the principal is created,
and before DISALLOW_ALL_TIX is unset, so there should be no functionality or
security implications from this change. It is safe to call a server-side API
such as kadm5_s_create_principal_with_key() as local_flag is asserted to be
true.
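
The ordering the log message describes, as an added example that is not part of the commit or of Heimdal: a toy C model in which a principal is created locked and keyless, given a random key, and only then unlocked. The struct, the function names and the quality policy are hypothetical stand-ins, not Heimdal APIs.

```c
/* Toy model of realm initialization. None of these names are Heimdal APIs. */
#include <ctype.h>
#include <string.h>

#define DISALLOW_ALL_TIX 0x1u   /* while set, no tickets are issued */

struct principal { unsigned flags; int has_key; unsigned char key[32]; };

/* Stand-in quality policy (assumed): at least 8 chars with a letter and a digit. */
static int quality_ok(const char *pw) {
    int digit = 0, alpha = 0;
    for (const char *p = pw; *p; p++) {
        digit |= isdigit((unsigned char)*p) != 0;
        alpha |= isalpha((unsigned char)*p) != 0;
    }
    return strlen(pw) >= 8 && digit && alpha;
}

/* Old flow: the random password passes through the quality check and can fail. */
static int create_with_password(struct principal *p, const char *random_pw) {
    if (!quality_ok(random_pw)) return -1;   /* realm initialization aborts */
    memset(p, 0, sizeof(*p));
    p->flags = DISALLOW_ALL_TIX;
    p->has_key = 1;                          /* key derived from the password */
    return 0;
}

static int can_issue_tickets(const struct principal *p) {
    return p->has_key && !(p->flags & DISALLOW_ALL_TIX);
}

/* New flow: create locked with no password or key, set a random key, then
 * unlock. Returns 0 only if the principal was never usable before its key
 * was in place. rnd stands for CSPRNG output supplied by the caller. */
static int create_with_random_key(struct principal *p, const unsigned char *rnd) {
    memset(p, 0, sizeof(*p));
    p->flags = DISALLOW_ALL_TIX;             /* no quality check to fail */
    if (can_issue_tickets(p)) return -1;
    memcpy(p->key, rnd, sizeof(p->key));
    p->has_key = 1;
    if (can_issue_tickets(p)) return -1;     /* keyed but still locked */
    p->flags &= ~DISALLOW_ALL_TIX;
    return can_issue_tickets(p) ? 0 : -1;
}

int main(void) {
    struct principal p;
    unsigned char rnd[32] = {0x5a};          /* constructed stand-in for random bytes */
    int old_failed = create_with_password(&p, "qzjwkxvbhm") != 0;  /* constructed: no digit */
    return (old_failed && create_with_random_key(&p, rnd) == 0) ? 0 : 1;
}
```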


